If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Mysterious user account

I was updating a Windows XP SP3 box and happened to notice that I had a new user account in documents and settings, called "UpdatusUser".

It had shortcuts to Windows remote assistance and LG updater. The LG item is the DVD drive in this box.

I looked at user accounts in control panel and the account wasn't displayed there.

A bit of investigation revealed that it must have happened when I updated the nVidia management software and drivers for the GeForce 8400GS video card. I allowed the updater utility to be installed, as there was no warning that it would create a system account.

Apparently it will do the same thing in Vista and Windows 7.

I am no expert at malware authorship but it did occur to me that this could be a potential exploit vector?

I uninstalled the nVidia updater utility and noticed that this does not get rid of the phantom account.

I am still trying to figure out the LG DVD drive bit though, as I can't quite see the connection?

The driver was 270.61

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

After the correctly installed Nvidia Optimus video driver, there will be a new account added to the system. The account is a System Service account that is used by the Nvidia Daemon update service to update the optimus profiles. The account will allow for the automatic download and installation of application profiles that the Optimus technology will use.

The account can be removed by changing it to use Local System, Set to Manual and then delete the UpdatusUser user account and folder.

It's a part of the Optimus video technology from NVidia....the article happens to be a reference from a Lenovo Page but the information applies to all installs of the Optimus Package.

Thanks Wazz!, that's a great find, and all is becoming clear to me now (doh!)

My wife bought the machine from her workplace. It has an Intel motherboard with integrated graphics. I added a 512MB nVidia GeForce 8400GS discrete card.

It would seem that the nVidia upgrade spotted the integrated chipset and applied this new application, so that the system can now use both the integrated and the discrete graphics. I think that this is similar to the Ati "Hybrid Crossfire" system?

It also appears that this nVidia application was developed with gaming and entertainment in mind. That would explain the apparently strange inclusion of the LG DVD drive update, as it also checks that the hardware drivers are up to date?

As I suspected, it should be run as Local System rather than World + dog

Thanks again, I believe that the mystery is now solved.

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

Excellent!!! Glad I could help you out nihil! Nice of them to let us know they're creating accounts for us eh? Perhaps an Installwatch or Windows System State Analyzer is called for here to see what else is going on....Hmmmm. Cheers...

Indeed! that's what made me suspicious at first. Now, thanks to Wazz and a bit of investigation I find that it doesn't even work on the machine in question.

It seems to have seen the nVidia card and the onboard Intel video chipset and assumed that it was a laptop? as this is an old machine (mid-2006) I have to turn off the onboard video to run the discrete card.

From what I can see this is aimed at laptops or portable desktops and will act as a power (battery) saving mechanism, reverting to the onboard chipset for low intensity graphics requirements. At the same time it seems to be aimed at gamers; as these "profiles" look like tweaks for specific games.

I would have thought it should be something deliberately initiated by the user, rather than globally applied?

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

These accounts are created when your normal user profile is damaged. Windows creates a new user profile for you then. Although I would not re-profile referenced in the article linked below (it is for Windows 2000 and not XP), MVP Ramesh has a good explanation of the situation and how to find what you are really profile with here: